To better protect themselves and their assets during a concerning rise in cybercriminal activity, Payments 20 (P20) has formed a partnership with some of the largest payment firms and law enforcement organisations in the game.
The advocacy group, alongside organisations including American Express, Elavon, Hogan Lovells, J.P. Morgan Chase, the UK National Cyber Security Centre, and New York State Department of Financial Services, has created a new report entitled ‘20 Best Practice Recommendations for Improved Cyber Security Protection.’
The report emphasises the urgency of implementing more efficient and comprehensive cyber security frameworks in response to the increasing capabilities of cybercriminals, scammers, and other nefarious actors since the onset of the Covid-19 pandemic.
The uncertainty and disruption caused by the pandemic have presented cybercriminals with a wealth of opportunities to attack. Since March 2020 cybercrime has rocketed, with 74% of banks experiencing a rise in cyber attacks, and 3 out of 4 financial institutions worrying about the historic rise in criminal activity and what will happen going forward.
The cyber security problem now represents a serious systemic threat to the global financial system, a sentiment echoed by Chairman of the Federal Reserve Jerome Powell, who voiced his opinion back in April 2021 that a cyber-attack may result in the next financial crisis. This highlights the need for a collective global, standardised approach towards counteracting the threat.
The best practice actions cover 5 areas:
- Network security
- Data handling
- Employee awareness
- Actions before a cyberattack occurs
- Actions immediately after a cyberattack occurs
“As businesses across the globe embraced remote working and shifted operations online, the state-sponsored and professional criminal gangs exploited the weaknesses of security apparatus and the fears of individuals,” comments Duncan Sandys, Chief Executive Officer at P20. “At P20, we believe everyone has a part to play in protecting their organisation and its reputation against this threat. This is why we joined forces with leading financial institutions, cyber security experts and government officials to compile standardised, easy-to-implement actions for noncyber experts which will go a long way in strengthening their organisations’ defenses and protecting their customers.”
Adding to this, Michael Papay, EVP, Technology Risk and Information Security at American Express, said, “The greatest vulnerabilities in the payments network are those hidden third-parties or fourth-party suppliers that nobody has identified as a risk. A lot of the big companies involved in payments networks understand the challenges — they understand information security; they know how to approach these problems and how to tackle them. It’s the smaller companies that are providing some critical service that we haven’t fully solved for yet.”
JF Legault, Managing Director, Global Head of Cyber Security Operations at J.P. Morgan Chase, said, “You can have the strongest controls in the world, the best cyber security program but one thing that organisations continuously need to work on is improving their crisis management processes.”
Paul Maddinson, Director for National Resilience and Strategy at the UK National Cyber Security Centre (NCSC), said, “There are several things that we recommend for small organisations to get those basics right. One is about backing up data and making sure you’re doing that properly. The second is using passwords appropriately. The third is keeping your devices updated and making sure that the software is patched. The fourth is putting some protections in place against malware and then trying to avoid phishing attacks through email and how your staff responds.”
The publication of the report comes ahead of P20’s annual Global Payment Conference (28 to 29 September 2021) where cyber security will be a key talking point. The conference will bring together hundreds of industry leaders, politicians, government officials, regulators, thought leaders, and others to highlight trends, debate industry priorities, and shape the future.
